How to respond to a data breach
Small businesses need to prepare for a data breach
Small technology businesses are increasingly at risk of a data breach. In fact, small businesses are the target of 46% of all cyberattacks, according to Verizon’s Data Breach Investigation Report.
The impact can be devastating. A data breach or a cyberattack could shut down your business, deplete your bank accounts, and damage your company’s reputation in ways that can make it hard to recover. Just imagine what the impact would be if customer information or personal information was exposed in a security incident, or if you lost access to systems that run your business operations.
A rapid response is crucial to protecting you, your employees, and your customers. A data breach response plan can help limit the damage and keep your tech business running. It’s an important part of any risk management plan, especially when sensitive data is involved.
What is a data breach response plan?
Just as many businesses hold fire drills and have a disaster response plan in place, a data breach response plan spells out exactly how your business will respond to a cyber incident.
It should give you and your team members step-by-step instructions on how to proceed if sensitive data is stolen or compromised. Your crisis management plan is just as important to your information security as firewalls and passwords.
These plans often involve identifying a breach, putting a stop to it, figuring out what was lost, notifying those affected, and complying with relevant laws and regulations. Alongside your cyber liability insurance policy, it'll help ensure you can get your business back up and running with minimal loss.
What should a company do after a data breach?
Tech businesses handle a wide range of data and serve many kinds of clients, so the details of a response will vary, but these guidelines apply broadly:
1. Alert your incident response team. It’s important to have one or two people responsible for initiating and overseeing your response. Everyone in your company should know who they are and how to contact them in case there’s an IT security breach or similar threat to your data security.
If you are a sole proprietor or if you don’t have someone on your information technology team with enough cybersecurity expertise, it’s a good idea to have a vendor you could turn to for help. Get in touch with your security team the moment you suspect a problem.
2. Identify and isolate all affected systems. Disconnect all affected devices from your network and place them in quarantine until your cybersecurity team (or vendor) can purge them of viruses and malware.
3. Contact your cyber liability insurance company. Not only can this coverage limit your financial losses, your cyber liability insurance provider can often help guide you in your response. If you’re the victim of a ransomware attack, your insurance provider might be able to help you negotiate with the hackers.
4. Comply with data breach notification laws. Depending on the type of sensitive information stolen, your state may require you to notify all affected individuals within a certain time period, and could issue hefty fines if you fail to do so. In addition to those directly affected by the breach, you may need to notify law enforcement, regulatory boards, and consumer protection agencies.
If your technology business handles health information, a breach could violate the Health Insurance Portability and Accountability Act (HIPAA). Any HIPAA violations would have to be reported to the Department of Health and Human Services. If you're unsure who you need to notify, seek out legal counsel to help ensure you comply with federal and state laws.
5. Investigate the breach and correct any flaws. Change all passwords and make sure they’re more complex than those they replace. Find out what data was accessed or stolen and check the logs of all data transfers. Once you identify the source of the breach, you can work toward a solution and prevent it from happening again.
6. Set up credit monitoring. You can help put your customers at ease, and reduce the possibility of identity theft or a lawsuit, by offering this to anyone who was affected. It’s also a good idea to do this for any affected employees and your own business accounts.
7. Repair your reputation. While certain notifications are required by law, your incident response plan may include notifying the media and getting the word out through a press release or social media channels. Let people know what happened and what you’re doing to address the problem. Make sure you follow up with regular updates, as needed.
By using a proactive approach, you can work to control the narrative and help reduce any damage to your company’s reputation. You might consider hiring a public relations consultant to help restore your reputation.
8. Conduct a cyber incident postmortem. After the data leaks have been plugged and your business returns to normal, it’s important to have a forensics team do a detailed analysis of your data breach response plan. That includes how it was implemented, how you can prevent a breach from happening in the future, and what you’ll do differently if it does.
An ounce of prevention
No matter how strong your security posture and data protection measures are, cybercriminals are still going to test your systems and could ultimately gain access. It's an ongoing battle of offensive and defensive measures, so vigilance is crucial to protecting your business.
This is especially important if you store any personally identifiable information (PII), such as Social Security numbers and medical data, or credit card numbers and other important financial information.
Your ability to respond to an attack could save your business, but ideally you want to avoid data breaches in the first place. Luckily, there's a lot you can do to reduce the risk, including strong passwords, employee training, and other basic measures like firewalls.
Data breaches and cyberattacks are on the rise, hitting large and small businesses alike. Hackers can steal client data, pilfer your bank accounts, or shut down your computers and demand a ransom. There are a few tips, however, that you can follow to reduce the risk of a data breach at your company.
Cybersecurity resources for small businesses
The Federal Communications Commission's Cyberplanner is a tool designed for small businesses to create customized cybersecurity plans.
The Cybersecurity and Infrastructure Security Agency provides information on software vulnerabilities, patches, and malware.
The Federal Trade Commission supplies information on how to reduce your cybersecurity risks, plus videos that could be used for employee training.
The Small Business Administration is a trusted source of information on cyberthreats, malware, viruses, ransomware, and phishing.
The Better Business Bureau provides cybersecurity resources for businesses and consumers.
Have I been pwned? lets you check whether your email address or phone number has appeared in a known data breach.